What is CVE-2022-24464?

CVE-2022-24464 is a denial of service vulnerability in .NET and Visual Studio.

Which software versions are affected by CVE-2022-24464?

CVE-2022-24464 affects Microsoft .NET versions 5.0.0 to 5.0.14, 6.0.0 to 6.0.2, Microsoft .NET Core version 3.1.0 to 3.1.22, and Microsoft Visual Studio 2019 versions 16.0 to 16.11.11, and 17.0.0 to 17.0.7.

What is the severity of CVE-2022-24464?

The severity of CVE-2022-24464 is high with a CVSS score of 7.5.

How can I fix CVE-2022-24464?

To fix CVE-2022-24464, you should update your software to the latest versions. Microsoft has provided patches and remediation steps, which can be found in the provided links in the references.

Where can I find more information about CVE-2022-24464?

You can find more information about CVE-2022-24464 on the Microsoft Security Response Center website. The reference link provides additional details.

Vulnerability/
CVE-2022-24464

high

7.5

8/3/2022

21/12/2023

CVE-2022-24464: .NET and Visual Studio Denial of Service Vulnerability

First published: Tue Mar 08 2022(Updated: )

.NET and Visual Studio Denial of Service Vulnerability

Credit: secure@microsoft.com secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft .NET 5.0		fix available externally
Microsoft Visual Studio 2019 (includes 16.0 - 16.8)	=16.9	fix available externally
Microsoft Visual Studio 2019 (includes 16.0 – 16.6)	=16.7	fix available externally
Microsoft .NET Core	=3.1	fix available externally
Microsoft Visual Studio 2019 (includes 16.0 - 16.10)	=16.11	fix available externally
Microsoft Visual Studio 2022	=17.0	fix available externally
Microsoft .NET	>=5.0<=5.0.14
Microsoft .NET	>=6.0.0<=6.0.2
Microsoft .NET Core	>=3.1<=3.1.22
Microsoft Visual Studio 2019	>=16.0<=16.6.4
Microsoft Visual Studio 2019	>=16.7.0<16.7.26
Microsoft Visual Studio 2019	>=16.8.0<=16.8.7
Microsoft Visual Studio 2019	>=16.9.0<16.9.18
Microsoft Visual Studio 2019	>=16.10.0<=16.10.4
Microsoft Visual Studio 2019	>=16.11.0<16.11.11
Microsoft Visual Studio 2022	>=17.0.0<17.0.7
Fedoraproject Fedora	=34
Fedoraproject Fedora	=35
Fedoraproject Fedora	=36
Microsoft .NET 6.0		fix available externally
Microsoft Visual Studio 2022	>=17.0<17.0.7

Never miss a vulnerability like this again

Reference Links

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464 (Advisory)

Frequently Asked Questions

What is CVE-2022-24464?
CVE-2022-24464 is a denial of service vulnerability in .NET and Visual Studio.
Which software versions are affected by CVE-2022-24464?
CVE-2022-24464 affects Microsoft .NET versions 5.0.0 to 5.0.14, 6.0.0 to 6.0.2, Microsoft .NET Core version 3.1.0 to 3.1.22, and Microsoft Visual Studio 2019 versions 16.0 to 16.11.11, and 17.0.0 to 17.0.7.
What is the severity of CVE-2022-24464?
The severity of CVE-2022-24464 is high with a CVSS score of 7.5.
How can I fix CVE-2022-24464?
To fix CVE-2022-24464, you should update your software to the latest versions. Microsoft has provided patches and remediation steps, which can be found in the provided links in the references.
Where can I find more information about CVE-2022-24464?
You can find more information about CVE-2022-24464 on the Microsoft Security Response Center website. The reference link provides additional details.

agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/remedy
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
collector/mitre-cve
collector/msrc-cve
agent/software-canonical-lookup-request
collector/nvd-api
collector/nvd-index
vendor/microsoft
canonical/microsoft visual studio 2019 (includes 16.0 – 16.6)
version/microsoft visual studio 2019 (includes 16.0 – 16.6)/16.7
canonical/microsoft visual studio 2019 (includes 16.0 - 16.8)
version/microsoft visual studio 2019 (includes 16.0 - 16.8)/16.9
canonical/microsoft visual studio 2019 (includes 16.0 - 16.10)
version/microsoft visual studio 2019 (includes 16.0 - 16.10)/16.11
canonical/microsoft visual studio 2022
version/microsoft visual studio 2022/17.0
canonical/microsoft .net core
version/microsoft .net core/3.1
canonical/microsoft .net 6.0
canonical/microsoft .net 5.0
canonical/microsoft .net
version/microsoft .net/5.0
version/microsoft .net/5.0.14
version/microsoft .net/6.0.0
version/microsoft .net/6.0.2
version/microsoft .net core/3.1.22
canonical/microsoft visual studio 2019
version/microsoft visual studio 2019/16.0
version/microsoft visual studio 2019/16.6.4
version/microsoft visual studio 2019/16.7.0
version/microsoft visual studio 2019/16.8.0
version/microsoft visual studio 2019/16.8.7
version/microsoft visual studio 2019/16.9.0
version/microsoft visual studio 2019/16.10.0
version/microsoft visual studio 2019/16.10.4
version/microsoft visual studio 2019/16.11.0
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/34
version/fedoraproject fedora/35
version/fedoraproject fedora/36
version/microsoft visual studio 2022/17.0.0